The present and near future in web development
Or: What's hot in PHP?

I normally use CodeIgniter for PHP coding, but as of late I've been noticing that many of the stuff I find myself coding by hand might be easier to do when using one of the existand CMSs around. So, when thinking about possible personal and professional future projects, a question came to mind:

As of 2012, what's the best way of coding a PHP site that could get as big and complicated as it can get?

I wouldn't be aiming for a small blog, but for something that could be expanded as much as it keeps evolving into, while still having the possibility of having total control over what happens.

Are CMSs really the future in web development, rendering frameworks like CodeIgniter useless? Do Drupal and Joomla really have such a slow performance as it's been constantly said in the past?

Late reply, but it piqued my interest so I thought I'd post my 2 cents.

I'm still really not a fan of off-the-shelf CMS systems like Joomla etc, because I find them inherently harder to develop additional features for when compared to things I've coded myself.

At work myself and another dev are currently developing our own 'framework' if you will with features that can be added/removed such as CMS, online shopping, time management, restaurant menus etc.

It's literally just PHP and Twig, but the simple nature of it makes it so easy to develop for, and because we did it from the ground up, we know it inside out. I'm a firm believer than home-grown code is best, provided it's written well

Well, that's also what we're currently doing where I work, but after all the troubles we're going through, I can't help but thinking that all the hard work might be just for making a CRM that almost manages to do the same stuff as those I mentioned.

It feels like trying to make your own SDK for a gaming console instead of getting the official (and more polished) one. I mean, these are open source and being constantly improved and tested by thousands of professionals around the world, after all... right? So they might be worth adapting to, or perhaps they're too inefficient and give too many problems?

I wouldn't care about being able to sell the new CMS, because I'm just assisting the main programmer and I wouldn't get a dime for it, so I'd like to know what would be best for at least some of my future projects, for which I'd need a "solid" foundation.

By the way, perhaps this should be moved to Technical Discussion... EDIT: Thanks.

Indeed, I like to create php from scratch but I must admit that I love Wordpress too. Joomla is cool, but way to messy and heavy to me.

Remember that when creating a cms from scratch the most important part is its security. You don't want people messing with the sites db's easily after all. Be careful when using forms and I'd recommend using MySQLi for stuff.

Indeed, I like to create php from scratch but I must admit that I love Wordpress too. Joomla is cool, but way to messy and heavy to me.

Remember that when creating a cms from scratch the most important part is its security. You don't want people messing with the sites db's easily after all. Be careful when using forms and I'd recommend using MySQLi for stuff.

Well, we're using CodeIgniter for the CMS, which I believe takes care of part of the security stuff.

Out of curiosity, what did you find "messy" and "heavy" in Joomla that made you stay out of it?

Miles Prower, on 31 March 2012 - 02:18 PM, said:

Something akin to CakePHP maybe?

Well, CakePHP is a framework just as CodeIgniter, we just didn't like it as much so we chose the other.

For similar reasons, PHP itself is neither the present nor future of web development, it's the past. Rails is the present, and Node.js is the future.

I'd love to read why you have that oppinion...

Rails lets you do more in less time with less hassle.

Node.js is even more seamless (a web server stub is six lines of code), but it's too young to have as much framework support as Rails, which is why it's the future and not the present. I'm using it for a personal project, but I can't objectively recommend it as The Way.

Honestly, the biggest problem with PHP is that it encourages subpar coders to produce subpar code, in the same way that IE6 taught all the HTML-slingers that they could write bullshit HTML and reload until it looked right, only now the playing field is SQL injections and URL hacking. And since you're talking specifically about future projects of unbounded complexity, I would strongly recommend spending a day apprising yourself of all the options, if nothing else just so you know what's out there.

Rather than pontificate all day, if you're interested, here's an example guide comparing CodeIgniter and Rails directly. It's a couple years old, so you might want to skim it rather than take it as line-for-line gospel. To see the latest state of Rails, try the official getting started guide.

edit: just found a fantastic summary of the state of node.js, its advantages, and what's holding it back (so far), with bonus observations on the ascent of Rails.

Honestly, the biggest problem with PHP is that it encourages subpar coders to produce subpar code, in the same way that IE6 taught all the HTML-slingers that they could write bullshit HTML and reload until it looked right, only now the playing field is SQL injections and URL hacking.

I'd like to see this point elaborated. Do the other frameworks you mentioned force things like auto-sanitizing form submissions unless specifically told not to? Or they have some more specialized or more automatic protection against injections? Because the things you mentioned, sql injections through forms - either GET or POST - are so basic that I'm honestly surprised that they still work on some sites.

I'd like to see this point elaborated. Do the other frameworks you mentioned force things like auto-sanitizing form submissions unless specifically told not to? Or they have some more specialized or more automatic protection against injections? Because the things you mentioned, sql injections through forms - either GET or POST - are so basic that I'm honestly surprised that they still work on some sites.

Rails is MVC and expects you to use active record model classes. So it has 'specialized protection' as part of its general eschewing of writing straight SQL. (If you choose to write straight SQL, you have to take care of it yourself.)

But what I meant by "PHP encourages subpar coders to produce subpar code" was as much cultural as technical. Just on a lark, I googled 'php sample form code' and got this complete garbage. Google 'rails sample form code' and you get this complete reference.

This is unbelievably important! Someone seeking to learn PHP is being taught worse techniques and becomes a worse programmer than someone learning Rails. This is at the core of why you still see sql injections in PHP in 2012. (And in my personal experience, every business PHP site I've been asked to look at has been ludicrously open to hackery.)

Worth noting that the one time the Rails team made the wrong decision on security, with mass assignment, it turned into a shitstorm and they're being forced to reconsider (heh).

Out of curiosity, what did you find "messy" and "heavy" in Joomla that made you stay out of it?

Actually, its not that I stay out of it, its just that I prefer other alternatives when it comes to using it. The problem I have with Joomla is that everything is a plugin/module and its way too structured. If you want to create a totally unique site, you're gonna need to edit a tonshit of files right off the bat. Short Story, It works for corporate sites, but for modern, trending, and good designed sites you will need something that gives you more freedom, Wordpress is an example of a CMS that lets you do whatever you want or need to without obstructing your site pages, no need for modules and stuff, only a header, main body and footer to arrange wherever you need to.

Also, on the Rails discussion, Rails is awesome... I believe a really good killer combo would be its usage for data stuff, and Less (Framework) for appearance, but that's when writing stuff from scratch of course...I'm not that used to Ruby though.

I think it depends on how much work you want to put into it. For my personal website I use the Invision Power suite, IPB and IP.Content for the CMS. Its parser is really weird and so writing code for it can be really quirky and time consuming compared to just writing something from scratch in a blank PHP file. On the flipside though, there's a lot that I can do a lot faster with IP.Content, and it allows me to easily give my website an integrated unified feel, which is really nice

So overall yeah I'd say that CMS is gaining some share for web development but there's something to be said for writing something cool from scratch

But what I meant by "PHP encourages subpar coders to produce subpar code" was as much cultural as technical. Just on a lark, I googled 'php sample form code' and got this complete garbage. Google 'rails sample form code' and you get this complete reference.

Eh, so just because people write idiot guides, the language is suddenly crap? I don't see the problem with the guide you linked to - it only covers forms, not security. It's basic information to get started with, but not something meant to be the backbone of your site. Yes, someone using just that guide would end up creating a honeypot without knowing, but if you blame people for being stupid and ignorant - and others for taking advantage of this - then you might as well blame the entire human race, not PHP.